ccd690a8addd81c2389f745851483c4a131af05af90adaf9e0ce87066c285034

Analysis

max time kernel
22s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bf828602dbc7310c860109e5090f9ba.exe
Size

184KB
MD5

9bf828602dbc7310c860109e5090f9ba
SHA1

68f9cf91b1842d4b6cd684604aae9ac45a4a43d6
SHA256

ccd690a8addd81c2389f745851483c4a131af05af90adaf9e0ce87066c285034
SHA512

d5fd408abc00d745768827608b3366b86b33b30ad9db69972ad00abe9432108444cf2a5e144932146f98b6f170b2627d412a21309ff9b3a442bed06979cea3ca
SSDEEP

3072:FsuEomLLPXf0nOj5MQP6vJ01pQ0M9aheASxKrafuNlPvpFC:FsFogP0nqMq6vJHK1LNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 37 IoCs

pid	Process
2428	Unicorn-29702.exe
1508	Unicorn-51513.exe
3036	Unicorn-39815.exe
2600	Unicorn-19500.exe
2740	Unicorn-3718.exe
2660	Unicorn-10262.exe
2800	Unicorn-44362.exe
1496	Unicorn-7968.exe
2952	Unicorn-7413.exe
1160	Unicorn-15581.exe
2832	Unicorn-41024.exe
2948	Unicorn-444.exe
1604	Unicorn-54284.exe
1772	Unicorn-29417.exe
2276	Unicorn-4720.exe
2396	Unicorn-25887.exe
1980	Unicorn-45753.exe
2888	Unicorn-58005.exe
1576	Unicorn-18679.exe
296	Unicorn-22484.exe
1936	Unicorn-59240.exe
952	Unicorn-18954.exe
1368	Unicorn-35696.exe
1908	Unicorn-6593.exe
1904	Unicorn-19552.exe
2876	Unicorn-2701.exe
1252	Unicorn-22567.exe
2136	Unicorn-46687.exe
3028	Unicorn-58939.exe
1492	Unicorn-59494.exe
1692	Unicorn-19682.exe
1616	Unicorn-65353.exe
1804	Unicorn-32104.exe
2748	Unicorn-7429.exe
2368	Unicorn-65353.exe
2672	Unicorn-44954.exe
2796	Unicorn-44954.exe

Loads dropped DLL 64 IoCs

pid	Process
2028	9bf828602dbc7310c860109e5090f9ba.exe
2028	9bf828602dbc7310c860109e5090f9ba.exe
2428	Unicorn-29702.exe
2428	Unicorn-29702.exe
2028	9bf828602dbc7310c860109e5090f9ba.exe
2028	9bf828602dbc7310c860109e5090f9ba.exe
1508	Unicorn-51513.exe
1508	Unicorn-51513.exe
2428	Unicorn-29702.exe
2428	Unicorn-29702.exe
3036	Unicorn-39815.exe
3036	Unicorn-39815.exe
2600	Unicorn-19500.exe
2600	Unicorn-19500.exe
1508	Unicorn-51513.exe
1508	Unicorn-51513.exe
2740	Unicorn-3718.exe
2740	Unicorn-3718.exe
2660	Unicorn-10262.exe
2660	Unicorn-10262.exe
3036	Unicorn-39815.exe
3036	Unicorn-39815.exe
2800	Unicorn-44362.exe
2800	Unicorn-44362.exe
2600	Unicorn-19500.exe
2600	Unicorn-19500.exe
1496	Unicorn-7968.exe
1496	Unicorn-7968.exe
2952	Unicorn-7413.exe
2952	Unicorn-7413.exe
2832	Unicorn-41024.exe
2740	Unicorn-3718.exe
2740	Unicorn-3718.exe
2832	Unicorn-41024.exe
1160	Unicorn-15581.exe
1160	Unicorn-15581.exe
2660	Unicorn-10262.exe
2660	Unicorn-10262.exe
1604	Unicorn-54284.exe
1604	Unicorn-54284.exe
1772	Unicorn-29417.exe
1772	Unicorn-29417.exe
1496	Unicorn-7968.exe
1496	Unicorn-7968.exe
1980	Unicorn-45753.exe
1980	Unicorn-45753.exe
2832	Unicorn-41024.exe
2832	Unicorn-41024.exe
2276	Unicorn-4720.exe
2276	Unicorn-4720.exe
2952	Unicorn-7413.exe
2952	Unicorn-7413.exe
1576	Unicorn-18679.exe
1576	Unicorn-18679.exe
2396	Unicorn-25887.exe
2396	Unicorn-25887.exe
2888	Unicorn-58005.exe
2888	Unicorn-58005.exe
1160	Unicorn-15581.exe
1160	Unicorn-15581.exe
1368	Unicorn-35696.exe
1368	Unicorn-35696.exe
296	Unicorn-22484.exe
296	Unicorn-22484.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
2028	9bf828602dbc7310c860109e5090f9ba.exe
2428	Unicorn-29702.exe
1508	Unicorn-51513.exe
3036	Unicorn-39815.exe
2600	Unicorn-19500.exe
2660	Unicorn-10262.exe
2740	Unicorn-3718.exe
2800	Unicorn-44362.exe
1496	Unicorn-7968.exe
2952	Unicorn-7413.exe
2832	Unicorn-41024.exe
1160	Unicorn-15581.exe
2948	Unicorn-444.exe
1604	Unicorn-54284.exe
1772	Unicorn-29417.exe
2276	Unicorn-4720.exe
1980	Unicorn-45753.exe
2888	Unicorn-58005.exe
1576	Unicorn-18679.exe
2396	Unicorn-25887.exe
296	Unicorn-22484.exe
1936	Unicorn-59240.exe
952	Unicorn-18954.exe
1368	Unicorn-35696.exe
1908	Unicorn-6593.exe
1904	Unicorn-19552.exe
2876	Unicorn-2701.exe
1252	Unicorn-22567.exe
3028	Unicorn-58939.exe
1492	Unicorn-59494.exe
2136	Unicorn-46687.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2428	2028	9bf828602dbc7310c860109e5090f9ba.exe	28
PID 2028 wrote to memory of 2428	2028	9bf828602dbc7310c860109e5090f9ba.exe	28
PID 2028 wrote to memory of 2428	2028	9bf828602dbc7310c860109e5090f9ba.exe	28
PID 2028 wrote to memory of 2428	2028	9bf828602dbc7310c860109e5090f9ba.exe	28
PID 2428 wrote to memory of 1508	2428	Unicorn-29702.exe	29
PID 2428 wrote to memory of 1508	2428	Unicorn-29702.exe	29
PID 2428 wrote to memory of 1508	2428	Unicorn-29702.exe	29
PID 2428 wrote to memory of 1508	2428	Unicorn-29702.exe	29
PID 2028 wrote to memory of 3036	2028	9bf828602dbc7310c860109e5090f9ba.exe	30
PID 2028 wrote to memory of 3036	2028	9bf828602dbc7310c860109e5090f9ba.exe	30
PID 2028 wrote to memory of 3036	2028	9bf828602dbc7310c860109e5090f9ba.exe	30
PID 2028 wrote to memory of 3036	2028	9bf828602dbc7310c860109e5090f9ba.exe	30
PID 1508 wrote to memory of 2600	1508	Unicorn-51513.exe	31
PID 1508 wrote to memory of 2600	1508	Unicorn-51513.exe	31
PID 1508 wrote to memory of 2600	1508	Unicorn-51513.exe	31
PID 1508 wrote to memory of 2600	1508	Unicorn-51513.exe	31
PID 2428 wrote to memory of 2740	2428	Unicorn-29702.exe	32
PID 2428 wrote to memory of 2740	2428	Unicorn-29702.exe	32
PID 2428 wrote to memory of 2740	2428	Unicorn-29702.exe	32
PID 2428 wrote to memory of 2740	2428	Unicorn-29702.exe	32
PID 3036 wrote to memory of 2660	3036	Unicorn-39815.exe	33
PID 3036 wrote to memory of 2660	3036	Unicorn-39815.exe	33
PID 3036 wrote to memory of 2660	3036	Unicorn-39815.exe	33
PID 3036 wrote to memory of 2660	3036	Unicorn-39815.exe	33
PID 2600 wrote to memory of 2800	2600	Unicorn-19500.exe	34
PID 2600 wrote to memory of 2800	2600	Unicorn-19500.exe	34
PID 2600 wrote to memory of 2800	2600	Unicorn-19500.exe	34
PID 2600 wrote to memory of 2800	2600	Unicorn-19500.exe	34
PID 1508 wrote to memory of 1496	1508	Unicorn-51513.exe	35
PID 1508 wrote to memory of 1496	1508	Unicorn-51513.exe	35
PID 1508 wrote to memory of 1496	1508	Unicorn-51513.exe	35
PID 1508 wrote to memory of 1496	1508	Unicorn-51513.exe	35
PID 2740 wrote to memory of 2952	2740	Unicorn-3718.exe	36
PID 2740 wrote to memory of 2952	2740	Unicorn-3718.exe	36
PID 2740 wrote to memory of 2952	2740	Unicorn-3718.exe	36
PID 2740 wrote to memory of 2952	2740	Unicorn-3718.exe	36
PID 2660 wrote to memory of 1160	2660	Unicorn-10262.exe	37
PID 2660 wrote to memory of 1160	2660	Unicorn-10262.exe	37
PID 2660 wrote to memory of 1160	2660	Unicorn-10262.exe	37
PID 2660 wrote to memory of 1160	2660	Unicorn-10262.exe	37
PID 3036 wrote to memory of 2832	3036	Unicorn-39815.exe	38
PID 3036 wrote to memory of 2832	3036	Unicorn-39815.exe	38
PID 3036 wrote to memory of 2832	3036	Unicorn-39815.exe	38
PID 3036 wrote to memory of 2832	3036	Unicorn-39815.exe	38
PID 2800 wrote to memory of 2948	2800	Unicorn-44362.exe	39
PID 2800 wrote to memory of 2948	2800	Unicorn-44362.exe	39
PID 2800 wrote to memory of 2948	2800	Unicorn-44362.exe	39
PID 2800 wrote to memory of 2948	2800	Unicorn-44362.exe	39
PID 2600 wrote to memory of 1604	2600	Unicorn-19500.exe	40
PID 2600 wrote to memory of 1604	2600	Unicorn-19500.exe	40
PID 2600 wrote to memory of 1604	2600	Unicorn-19500.exe	40
PID 2600 wrote to memory of 1604	2600	Unicorn-19500.exe	40
PID 1496 wrote to memory of 1772	1496	Unicorn-7968.exe	41
PID 1496 wrote to memory of 1772	1496	Unicorn-7968.exe	41
PID 1496 wrote to memory of 1772	1496	Unicorn-7968.exe	41
PID 1496 wrote to memory of 1772	1496	Unicorn-7968.exe	41
PID 2952 wrote to memory of 2276	2952	Unicorn-7413.exe	42
PID 2952 wrote to memory of 2276	2952	Unicorn-7413.exe	42
PID 2952 wrote to memory of 2276	2952	Unicorn-7413.exe	42
PID 2952 wrote to memory of 2276	2952	Unicorn-7413.exe	42
PID 2740 wrote to memory of 2396	2740	Unicorn-3718.exe	44
PID 2740 wrote to memory of 2396	2740	Unicorn-3718.exe	44
PID 2740 wrote to memory of 2396	2740	Unicorn-3718.exe	44
PID 2740 wrote to memory of 2396	2740	Unicorn-3718.exe	44

C:\Users\Admin\AppData\Local\Temp\9bf828602dbc7310c860109e5090f9ba.exe
"C:\Users\Admin\AppData\Local\Temp\9bf828602dbc7310c860109e5090f9ba.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        7⤵
        Executes dropped EXE
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        8⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        6⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        7⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        9⤵
        
        PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        7⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        6⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        8⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        7⤵
        
        PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        7⤵
        Executes dropped EXE
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
        7⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        6⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        8⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        9⤵
        
        PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16449.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        7⤵
        
        PID:1684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        6⤵
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        6⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38205.exe
        9⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        5⤵
        Executes dropped EXE
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        6⤵
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        5⤵
        Executes dropped EXE
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        6⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        7⤵
        
        PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe

Filesize
184KB

MD5
d78864ae9836371c8c5bf9486795060a

SHA1
def0176df5250ada3c7379b03517c018505ce338

SHA256
18e8e8cf886c5f5de0ad9168463c5ae50bee5725d0a03e81c497b6c03a0a467f

SHA512
827da0f507611af43384a62ebfa244de9ba53363a0fcce9250357e637ae434383c9561356754bd0eb604ecdad75ac5a1bb561534895970cfce2d5830a2d152d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe

Filesize
184KB

MD5
2d0164a8c9b77c548cb96df13ac084e2

SHA1
8885ee5c8126d8bf71eb046f86de166188159914

SHA256
a76ae7c2e41704db9a85b6ad35d296c4058040e7d9bfe69f39598db831f8907d

SHA512
29141b765c5d53c235f4524449d66dc9a32a3b537d0420bea4710898cdd422a987fb7dac8e974072e6e6d8431d51f3b4c14bd69dd136fb158f52f691df468081

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe

Filesize
184KB

MD5
c2d7eeeeb42e9de92aa79915e8ce64e0

SHA1
21dbe4c05c7c20f34b9f8edb564f4707c5f7a6d9

SHA256
ead9531e1adc02d66113095a2e9dca79805581b326a59d0a6161e33d11febcac

SHA512
4bf045247c41a671f85630313f9d1d01048a1bc7ae3b882f8f8ca1afed2e6364a2c23f4c2b37d75b28ca0e26bf44eef463db58cbf3abeca62835976bcc8dc160

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe

Filesize
184KB

MD5
91dd8dcfc5266a846f6ab334297e9de7

SHA1
d5d92070a3d75e56516ec873f80c150dbb47ac47

SHA256
bfc1f66cb4e2bd35430511141acfd89e823b250ca22218cbadf076bbb63aab36

SHA512
8aef7df5ead96c0d7a98bc2e8bff17ebb4454dbd576920b7667bc07790c63e6b9dce4e3cd21cd0d4550aa6484654430198c51fc8c559b90fdfb7c2e3b46f4aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe

Filesize
184KB

MD5
dfd7aa59431f1327e76fc37335b3ce69

SHA1
f882a230fe5e306ad6f3fe4fa7629160db52696f

SHA256
faa0042e41788871e3b8cd193377de4e36f32380838a22d05dd146a1c7b0518c

SHA512
722739110d217578fa4123e8580e26d32af254857c0bd0f0cee6a4ec8165b6f97fcaed34132d45e89a24b3cf0c34f9716ef832582cb36082dd77c12cd951573a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe

Filesize
184KB

MD5
939470c3bc4ef1d53a67a537ac1e5c51

SHA1
4c5da52f79844d2839483dcc0c163519dbfbf0c2

SHA256
0be001178b974363862d696e0e1acaa91fd6ec0cb907590898c7cbb1b49cb887

SHA512
7fd4daac4db7cc037c965769e47965ec45a1948180433cbb610a7aa320007b21b2e94dc82fa7b868ea3048cc9b660093652727748cfdfc738ebb6871439d6246

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe

Filesize
184KB

MD5
c99c1a815183594678ac416342c87d94

SHA1
760c8679b2e64eacbe0197619856bbfd88aec3af

SHA256
59a88b308a29d667e1d655f78df8ef134ca976889b6211f805c2cae7ad832c91

SHA512
d0cad5d688492924c1a9d0ffb502785303261e92cc288623f574aba62df935e6c2c03710b6b1aa55e84f5f11fe796c8ecc29e577c30e6d4d53360580ba7e4cd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe

Filesize
184KB

MD5
9804eb70a8494b9223a502082cc6ccc7

SHA1
e565775d15e9bff93bc604209ababed9822bccad

SHA256
e4ace2d668ae32bc49c207402a9c3040cd136a736f2ab6745f4afa3c95faf171

SHA512
34a590d7a3ce8652f79ad17f3e33fdade02c8c88e18ff4594f9bad000ffd4fb68efcf846a015a4ee78bed044c22b1277010a39d11616d38ded9bc7b915343776

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe

Filesize
184KB

MD5
f3b4e4879ea4ff082bda3db978af54ee

SHA1
342a847b63fa542613cee6c41950cdf56c7a21c0

SHA256
f4778d0c8fa045df08493e62b045236fa528edeb748242d7e1adb66a0f9ea8bd

SHA512
3e65b2a0753e34f1507b70d975c567a789aaa1e84914e522974ba16fc49a1bf41e6e07c3ff0774627190933c310499eb981612483720869bc668095b06b64c54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe

Filesize
184KB

MD5
9e8e60ed27b20fdf9c05995bc26fb5a7

SHA1
168d9012c9dc1a13cf81de94b0b33c8b22cfeabe

SHA256
aa169206f649a1350d5a987b01729a63867575a990eae6f72b074207f2fd54f6

SHA512
66f883f0fe57964be7e522f8c62e02d402eeff6df8af5a024a3abebcbf25fb265cada072505f8f4f04ba070c493917ee92af1c43762c6c695d834ec710466ee5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe

Filesize
184KB

MD5
77f6f03950ecf4b154d275f579a08531

SHA1
1f9be33c5a4614d1e443c5637ba45254ceeb7c4d

SHA256
95597e782ff61f319fcdffc866f553607aad71f584f42fea46ab104cc050cfad

SHA512
bfff42fdb6d3fc6929a01b75e9955c9739113ec8e8ec4504a5b5c8459f004c1b03df77bdb9b67781bfd587e7b6fdb9cc508852cff01126f6b70646d9842d34f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe

Filesize
184KB

MD5
9f3cc0aacd756b6b2fa190180dcf4e2e

SHA1
00e0a9451349172613d5e603ea1bf332664bf361

SHA256
df33c4df428735b75a12aa99a7fe7a7ca3dee4f6cf0ae3e938409c75609c82b0

SHA512
5bcbf10e85c9aba2d872664b362d4fb33d0cca751a8dcb0cd998bc79cbdbb3b97086b66e1402c2f0f52362cb452deb0d10f5bbb3ac7d497027a62943fa79be37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-444.exe

Filesize
184KB

MD5
ed9210f9f94f1a5320657d4d9792512b

SHA1
167f140d3eeb9afe19ff6c4f67868de4e2513435

SHA256
6b56b39ebd7f52930a203fa776585578633eb5b0ed31c2fcf11690b8a8885a64

SHA512
c9ac1df0542cd06b1a4c8a9bfba8611da644bacb0ef1101fd94b384c41e225d0c47fea79ec305410537806e8699f1bb7b6974082885c0b4ad334bfafbc7d3f1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe

Filesize
184KB

MD5
c58da3ed90c6875e81a86b5cede42475

SHA1
474b9f565c8d3aa420e4909793ea7553c08190f0

SHA256
18cea2ddb0cdded0a2a6a11f3bf534fe1deb4f66d748d18985080faf5fce1088

SHA512
0c6606d2b1fff099d51c6c007442e1119724ea8b7a03d38d4ef064f73044e1f44db2decadb82b38ee94774686e70b4c4911e4eaf99c4cece264e496111555f8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe

Filesize
184KB

MD5
fb16ed5a170ea9a4fef0be68c1278791

SHA1
399be3ff4e5b19fc2bff2297aad52261cb75d0a7

SHA256
dd379168cbccc79f6ced46d4a5f20b222b1211befed07d28290ea06751c15e51

SHA512
4bfd8d83faf7726baccfe11fcf900b30e767779569d603e6c2b60a12ae12e361a708f94c30626656c3b1d93759870232034ce74333a56bc9ce5853e900c79427

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe

Filesize
184KB

MD5
438b3f528d13e8327fbe6da200193649

SHA1
878ab979f2cabf0fa1c7e276be40beec72a8d4b8

SHA256
1e60b16e3e06856ff2df7b00117d4885cee0aa26729df91c4860a1920d8609e5

SHA512
cbb531bf45fc2b862ad8f5ab671761b4a77edb3353afa82db0fef857080d3f143bd5c3cf44c18dac0285b9b953273445ceed31d4b301bf683d0100714fd83d9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe

Filesize
184KB

MD5
ff5daf8050e7853d95bc8258a4f75279

SHA1
26af81bc5a2ae0eb846708faf73afb28e58b9a75

SHA256
a779b5874b0c03c62869fb4055a4e30f7ef69936baf3e3982c6c0ee43049a8a1

SHA512
87423aafd99257b8a5a78f46b8029c9b0f17ce91ac7c02486833a6c74c14cc5e03702be1736de5642c30fa2dd8ca14d75e6527468743725a7e1c72696b89ebd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe

Filesize
184KB

MD5
3bab55d25564900194459b14e72528cd

SHA1
66ad22937564f824d2de9de44607df66224fe6dc

SHA256
7bbe9893573b8d4d463b0da74470937f42143ea3e135540c1388d966142bfc4e

SHA512
f7aa19b373454f91890e7218d89e25bcb1805a48f436e73596aa926d46037d39db04f73874b54129b9dfbd66ba17558d80b4eef0b63a384bdf57ee13fbc2298c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe

Filesize
184KB

MD5
96b8d6551acfbe66f7510c64f343d9a1

SHA1
f7c7f0cd23a41f58b6781dc80c94f6e153aa49ba

SHA256
47e43c5acda99f7db74207a80ed2c308f793c13b1bbf35d953ac1deb3e6dced3

SHA512
44ff8535346f6e2947cd40bf8d4e24045ba66108c1dda2bd766c0f32c78873a80adef8eb24320db27b1250afcd7a14692ec2fc1790dd5a074f0ed633e7fc291b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads